Hello,
Is there a way to access the administrator name making the request via the IsCommandAvailable so we can tailor menu options based on the administrator?
Thanks
Hello,
Is there a way to access the administrator name making the request via the IsCommandAvailable so we can tailor menu options based on the administrator?
Thanks
Normally, the command list is dynamically built up based on the rights granted by the access template(s) that the delegated admin is a trustee for.
Is there a reason this is not suitable for you?
Note. AR Client layout (MMC, WI, script) is just a presentation of the content (AD) more or less friendly and, strictly speaking, nothing to do with permissions granted.
Real granular access permissions are to be enforced via AR Access Templates (AT).
IsCommandAvailable is used to limit the visibility of items based on other criteria, not permissions. So, for instance, we have an option to 'Suspend' a user which simply updates an attribute. So, we use IsCommandAvailable to hide this option if the attribute has already be set. This all works fine. What we are trying to do now is change the visibility of the menu items based on the administrator currently logged in. Again, this isn't permissions or access template related. IsCommandAvailable lets you easily access the directory object of the item select but we need to access the details of the administrator performing the action.
The $Session object has information regarding the credential used to access the session.
The Active Roles SDK has more information, but it looks like you can access the current session using $Security.Sessions.Current object which has a UserName property.
That would be PowerShell, IsCommandAvailable is vbscript with a web session.
You can access the object with whichever scripting language you prefer. There are both VBScript and PowerShell samples in the SDK.
Well I tried but the script refused to run:
Set Session = Security.Sessions.Current ' Retrieve AdsPath of the user in which security context ' this session is running strUserAdsPath = Session.UserPath
I don't think Security is available via VBScript in a web session. I can't find any errors anywhere though.
As an update, it does appear there is a Request object of type RequestFormForScript but I can't seem to pry anything out from it.
Hi Nicholas,
As a workaround to sort of trick this into working, you can do the following:
So the above with then check if the logged in administrator has access to modify the new virtual attribute, and if they do based on the access template, the command will be displayed.
Keep in mind though, if the other administrators have 'Modify - All Properties' that's propagated to the object, the command will also be displayed. So you may have to deal with this by denying access for everyone else.